Ten Keys to Managing Reputation Risk

Warren Buffett once famously said that it takes 20 years to build a reputation and just five minutes to ruin it. All of us see evidence of how true this bit of wisdom is all the time. In the wake of recent corporate scandals, I thought now might be a good time to revisit some of the advice we give our clients on how to preserve reputation and brand.

These “Ten Keys to Managing Reputation Risk” were originally published in April 2013, in Volume 5, Issue 2 of The Bulletin, but they are as relevant today as they were then. They represent what I believe to be the nuts and bolts of reputation risk management, and their effectiveness or absence can make or break a company, as many have discovered first hand. We have organized them below according to five broad imperatives.

Strategic Alignment – A sustainable reputation begins at the top.

Effective board oversight – Sets the expectations and lays a foundation for managing reputation risk. The board is an organization’s last line of defense in preserving its reputation and brand image.

Integration of risk into strategy-setting and business planning – Makes risk a factor at the decision-making table and facilitates the intersection of risk management with performance management. (This is a critical connection.)

Effective communications, image and brand building – While a good story is easy to tell, some companies are better at it than others. Messages that the press, analysts and others communicate are influenced by the good marks on the other nine keys discussed here.

Cultural Alignment – The importance of ethical and responsible business behavior has never been more evident.

Strong corporate values, supported by appropriate performance incentives – Tone at the top is vital to effective corporate governance and appropriate incentives help drive a consistent tone in the middle.

Positive culture regarding compliance with laws and regulations – A record of having made a strong effort to prevent and detect fraud and corruption is essential to demonstrating the “reasonable assurance” regulators expect.

Quality Commitment – All companies with a strong reputation are noted for their commitment to quality people, processes, products and services.

Priority focus on positive interactions with key stakeholders – Stakeholder experiences, or the accumulation of everyday interactions with customers, employees, vendors, regulators, shareholders and other stakeholders in the company, get noticed in the marketplace and are a powerful approach to improving and sustaining reputation. They represent critical “moments of truth” that collectively define an organization’s reputation.

Quality public reporting – Quality public financial reporting is something investors expect. If management doesn’t deliver it, it may take a long time for the markets to forgive and forget.

Strong control environment – The control environment comprises, among other things, the organization’s commitment to integrity and ethical values; the organizational structure and assignment of authority and responsibility; the process for attracting, developing and retaining competent people; and the rigor around performance measures, incentives and rewards to drive accountability for results. The standards, processes, structures and technologies that provide the basis for carrying out internal control across the organization, lay the foundation for a strong controls culture.

Company performance relative to competitors – Even if a company does everything else right, its reputation will suffer if its business model is not competitive in the marketplace.

Organizational Resiliency – A company’s reputation is inextricably linked with the resiliency provided by its risk management and crisis management.

World-class response to a high-profile crisis – Sooner or later, every company faces a crisis. Its reputation depends on the rapid and decisive response to crisis situations, putting responsibility to the safety of people first. It is a management imperative to build a rapid-response crisis management capability for sudden and unexpected events, especially where they relate to security, safety and environmental issues.

The ten keys outlined above represent the key components to address to reduce reputation risk to an acceptable level. Their common thread is a consistent and sustaining culture that recognizes the value of reputation and actively protects it with a systemic commitment to quality, ethics, communication, controls and preparation.

No company should believe it is immune to a reputational crisis. Nevertheless, a sincere and concerted effort to manage reputational risk by paying attention to the ten components outlined above gives a company a good shot at making it through the fire with its reputation intact.